c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-25 19:57:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix ACL checks for NFS kernel server

Browse Source 
This PR changes ZFS ACL checks to evaluate
fsuid / fsgid rather than euid / egid to avoid
accidentally granting elevated permissions to
NFS clients.

Reviewed-by: Serapheim Dimitropoulos <serapheim@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ryan Moeller <freqlabs@FreeBSD.org>
Closes #13221
This commit is contained in:
Ryan Moeller
2022-03-18 08:47:57 -04:00
committed by GitHub
parent a5920d24c0
commit d42979c6ef
12 changed files with 27 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/os/freebsd/spl/sys/sid.h
-25
View File
@@ -29,7 +29,6 @@
#ifndef _OPENSOLARIS_SYS_SID_H_
#define _OPENSOLARIS_SYS_SID_H_
#include <sys/idmap.h>
#include <sys/kidmap.h>
typedef struct ksiddomain {
char *kd_name; /* Domain part of SID */
@@ -59,28 +58,4 @@ ksiddomain_rele(ksiddomain_t *kd)
kmem_free(kd, sizeof (*kd));
}
static __inline uint_t
ksid_getid(ksid_t *ks)
{
panic("%s has been unexpectedly called", __func__);
}
static __inline const char *
ksid_getdomain(ksid_t *ks)
{
panic("%s has been unexpectedly called", __func__);
}
static __inline uint_t
ksid_getrid(ksid_t *ks)
{
panic("%s has been unexpectedly called", __func__);
}
#define kidmap_getsidbyuid(zone, uid, sid_prefix, rid) (1)
#define kidmap_getsidbygid(zone, gid, sid_prefix, rid) (1)
#endif /* _OPENSOLARIS_SYS_SID_H_ */